ID
VAR-200210-0084
CVE
CVE-2002-0952
TITLE
Sun Solaris rcp Command Line Parameter Local Buffer Overflow Vulnerability
Trust: 0.6
DESCRIPTION
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface. The ONS15454 is an optical network platform manufactured and distributed by Cisco. Under some circumstances, it may be possible to stop the ONS15454 from handling traffic. The receipt of this type of packet via the TCC interface causes the reset of the TCC interface. Solaris 9 is a UNIX operating system developed by Sun, which includes the rcp program for remote copying between hosts. The rcp program does not perform correct boundary checks when processing parameter data submitted by users. Local attackers can exploit this vulnerability to carry out buffer overflow attacks. There is a loophole in rcp's processing of super long command line parameters. The user submits a file name exceeding 10,000 bytes, and the destination host name and destination file name are used as parameters for the rcp program to execute, which may cause buffer overflow. Because rcp runs as suid root in the system Attribute installation, carefully constructed parameter data may allow an attacker to execute arbitrary instructions on the system with root privileges
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | cisco | model: | optical networking systems software | scope: | eq | version: | 3.2.0 | Trust: 1.6 |
| vendor: | cisco | model: | optical networking systems software | scope: | eq | version: | 3.1.0 | Trust: 1.6 |
| vendor: | cisco | model: | ons 15454 optical transport platform | scope: | eq | version: | 3.1.0 | Trust: 0.6 |
| vendor: | cisco | model: | ons 15454 optical transport platform | scope: | eq | version: | 3.2.0 | Trust: 0.6 |
| vendor: | cisco | model: | ons optical transport platform | scope: | eq | version: | 154543.2.0 | Trust: 0.3 |
| vendor: | cisco | model: | ons optical transport platform | scope: | eq | version: | 154543.1.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
unknown
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 5058 | Trust: 2.0 |
| db: | NVD | id: | CVE-2002-0952 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200210-141 | Trust: 0.7 |
| db: | XF | id: | 9377 | Trust: 0.6 |
| db: | CISCO | id: | 20020619 CISCO ONS15454 IP TOS BIT VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-5341 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/5058 | Trust: 1.7 |
| url: | http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml | Trust: 1.7 |
| url: | http://www.iss.net/security_center/static/9377.php | Trust: 1.7 |
| url: | http://www.cisco.com/univercd/cc/td/doc/product/ong/15400/r33docs/sftuprgd/u2to33.htm | Trust: 0.3 |
| url: | http://www.cisco.com/univercd/cc/td/doc/product/ong/15400/r33docs/sftuprgd/u3to33.htm | Trust: 0.3 |
CREDITS
alex medvedev※ alexm@pycckue.org
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-5341 |
| db: | BID | id: | 5058 |
| db: | CNNVD | id: | CNNVD-200210-141 |
| db: | NVD | id: | CVE-2002-0952 |
LAST UPDATE DATE
2024-08-14T14:59:32.623000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-5341 | date: | 2018-10-30T00:00:00 |
| db: | BID | id: | 5058 | date: | 2002-06-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-200210-141 | date: | 2005-05-02T00:00:00 |
| db: | NVD | id: | CVE-2002-0952 | date: | 2018-10-30T16:25:05.637 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-5341 | date: | 2002-10-04T00:00:00 |
| db: | BID | id: | 5058 | date: | 2002-06-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-200210-141 | date: | 2002-06-19T00:00:00 |
| db: | NVD | id: | CVE-2002-0952 | date: | 2002-10-04T04:00:00 |